Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).


SkiifGeek's Journal: Microsoft (Multiple) - Remote Hacker Automatic Control

Journal by SkiifGeek

Microsoft (Multiple) - Remote Hacker Automatic Control

        -- Products Affected --
        Windows 2000, XP, 2003
        Internet Explorer
        Visual Studio

        -- Technical Description --
        MS06-072 - Internet Explorer cumulative update. Arbitrary code execution affecting DHTML and active scripting, information disclosure affecting Temporary Internet Files (TIF) folder. Critical.
        MS06-073 - Visual Studio 2005. Arbitrary code execution due to WMI Object Broker ActiveX control. Critical.
        MS06-074 - SNMP implementation error can lead to arbitrary code execution. Important.
        MS06-075 - File Manifest Corruption leading to Privilege Escalation. Important.
        MS06-076 - Outlook Express arbitrary code execution at the local user level. Important.
        MS06-077 - Remote Installation Service arbitrary code execution (Windows 2000 ONLY). Important.
        MS06-078 - Windows Media Format remote arbitrary code execution. This is the .asx playlist issue brought to light in the last couple of weeks, along with another issue. Critical.

        -- Description --
        Microsoft delivered seven patches, instead of the expected six, with the December Security Update released today. Even though less than half of the patches are rated as Critical, almost all vulnerabilities can lead to arbitrary code execution for at least some end users. Notable by omission are the most recent Microsoft Word vulnerabilities for which there are targeted exploit attempts in use.

        -- Recommended Action --
        All users and administrators should apply the updates at the earliest opportunity.

        -- Source --

        -- Updates Available --

        -- External Tracking Data --
        CVE-ID: CVE-2006-5579 (MS06-072)
        CVE-ID: CVE-2006-5581 (MS06-072)
        CVE-ID: CVE-2006-5578 (MS06-072)
        CVE-ID: CVE-2006-5577 (MS06-072)
        CVE-ID: CVE-2006-4704 (MS06-073)
        CVE-ID: CVE-2006-5583 (MS06-074)
        CVE-ID: CVE-2006-5585 (MS06-075)
        CVE-ID: CVE-2006-2386 (MS06-076)
        CVE-ID: CVE-2006-5584 (MS06-077)
        CVE-ID: CVE-2006-4702 (MS06-078)
        CVE-ID: CVE-2006-6134 (MS06-078)

        -- Threat Matrix --
                        U O
        Home User 10 10 (Highly Critical)
        Corporate 10 10 (Highly Critical)

This discussion has been archived. No new comments can be posted.

Microsoft (Multiple) - Remote Hacker Automatic Control

Comments Filter:

The universe seems neither benign nor hostile, merely indifferent. -- Sagan